ISPConfig 3.1.14 broke the interface

Discussion in 'Installation/Configuration' started by Apryaldy, Jul 9, 2019.

  1. Apryaldy

    Apryaldy Banned

    Hi,

    I just made an update via: ispconfig_update.sh
    Didn't make any change on the update progress, normally this should be fine, right?

    However, once the update finished and i visited the ispconfig pages, the display are broken.
    I notice all the url requested via https, even though i set the ispconfig to no ssl.
    and once i directed the browser via https, the control panel can't be accessed at all.

    Please advice, how to solve this isssue.
    Thanks.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which Linux distribution and version? Did you manually edit the ispconfig.vhost file before?
     
  3. Apryaldy

    Apryaldy Banned

    I am using: Linux 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u3 (2019-06-16) x86_64 GNU/Linux
    Nope, never touch the vhost file manually.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    That's a kernel version, not the distribution or distribution version. Which Linux distribution (probably debian or Ubuntu) and which version of that distribution do you use?
     
  5. Apryaldy

    Apryaldy Banned

    Last edited: Jul 9, 2019
  6. bch

    bch Member

    I have the same issue on a local server with no certificate active on the ispconfig interface. I could not fix the error so I reinstalled the update and chose to generate the self signed certificate. After accepting it in the browser, the ispconfig interface showed up normally. Tried to disable the ssl conf in the ispconfig vhost and the problem came back. Every .js file is loaded via https and fails, and the login screen looks wrong with almost no css etc. I believe when accessing a .js files directly, the error was "ssl_error_rx_record_too_long". First I noticed new "security features" in the head section of the login page html and thought maybe they forced the client to load scripts via https. Then I loaded another website with "forced https" on the server and it wouldn't load too - untill I chose to reinstall the update and generate the self signed certificate for the ispconfig interface. I'm not at the local network at the moment. Ubuntu 18.04.
     
  7. Apryaldy

    Apryaldy Banned

    Have you manage to resolve the issue?
    I am trying to re update again, using manual update but the result still same.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    It might be that there is a problem with non-ssl vhosts then. You should consider to switch to SSL for security reasons anyway. If that's no option, then please post the ispconfig.vhost file from /etc/apache2/sites-available/ so that I can have a look at it. Or you take the original ispconfig.vhost file from the etc backup that ISPConfig created in /var/backup/.... during update and replace your current one with the old one.
     
    Apryaldy likes this.
  9. Apryaldy

    Apryaldy Banned

    Here is the vhost file
    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################

    Listen 2087
    NameVirtualHost *:2087

    <VirtualHost _default_:2087>
    ServerAdmin webmaster@localhost

    <Directory /var/www/ispconfig/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>
    <Directory /usr/local/ispconfig/interface/web/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>

    <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
    Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
    AllowOverride AuthConfig Indexes Limit Options FileInfo
    <FilesMatch "\.php$">
    SetHandler fcgid-script
    </FilesMatch>
    FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
    Require all granted
    </Directory>
    IPCCommTimeout 7200
    MaxRequestLen 15728640
    </IfModule>

    <IfModule mpm_itk_module>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AssignUserId ispconfig ispconfig
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
    # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
    Options +FollowSymLinks
    AllowOverride None
    Require all granted
    php_value magic_quotes_gpc 0
    </Directory>
    </IfModule>

    # ErrorLog /var/log/apache2/error.log
    # CustomLog /var/log/apache2/access.log combined
    ServerSignature Off

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>

    # SSL Configuration
    SSLEngine On
    SSLProtocol All -SSLv3
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    SSLHonorCipherOrder On

    <IfModule mod_headers.c>
    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
    Header set X-Content-Type-Options: nosniff
    Header set X-Frame-Options: SAMEORIGIN
    Header set X-XSS-Protection: "1; mode=block"
    Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
    <IfVersion >= 2.4.7>
    Header setifempty Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    <IfVersion < 2.4.7>
    Header set Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    RequestHeader unset Proxy early
    </IfModule>

    SSLUseStapling On
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors Off
    </VirtualHost>

    <IfModule mod_ssl.c>
    SSLStaplingCache shmcb:/var/run/ocsp(128000)
    </IfModule>

    <Directory /var/www/php-cgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>

    <Directory /var/www/php-fcgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>

    i noticed there was additional line compared to the latest work:
    Code:
    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
    Header set X-Content-Type-Options: nosniff
    Header set X-Frame-Options: SAMEORIGIN
    Header set X-XSS-Protection: "1; mode=block"
    #Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
    <IfVersion >= 2.4.7>
    Header setifempty Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    <IfVersion < 2.4.7>
    Header set Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    As your suggestion, i revert it back to the latest working vhost
    and it's working
    thank you!
     
    Last edited: Jul 10, 2019
  10. Thane

    Thane New Member

    Debian 9.9 / Apache

    I had this same issue running latest ISPC update, I had to comment this line from /etc/apache2/sites-available/ispconfig.vhost
    #Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"

    After that ISPC was accessible. I tried adding https to ISPC admin with the auto script, when uncommenting that Header in ispc.vhost the issue comes back despite the good https, will investigate more before updating other servers, will update here if/when I get it figured out :/
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    The line works fine here on my servers with https, it's used on most ISPConfig systems that have been newly installed in the past 6 months and we did not receive any issue reports during that time. Besides that, the issue is fixed in GIT already. Maybe its a browser cache issue that you still get the problem after enabling https?
     
  12. Apryaldy

    Apryaldy Banned

    Just want to let you know that the issue occurred again during update to version: 3.1.14p2
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the content of your ispconfig.vhost file as it was right after update.
     
  14. Apryaldy

    Apryaldy Banned

    i am sorry
    i already made some modification, but only adding "#" on the SSL line, not quite remember which line is modified to revert it back.
    But, here is the value:
    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################

    Listen 2080
    NameVirtualHost *:2080

    <VirtualHost _default_:2080>
    ServerAdmin webmaster@localhost

    <Directory /var/www/ispconfig/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>
    <Directory /usr/local/ispconfig/interface/web/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>

    <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
    Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
    AllowOverride AuthConfig Indexes Limit Options FileInfo
    <FilesMatch "\.php$">
    SetHandler fcgid-script
    </FilesMatch>
    FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
    Require all granted
    </Directory>
    IPCCommTimeout 7200
    MaxRequestLen 15728640
    </IfModule>

    <IfModule mpm_itk_module>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AssignUserId ispconfig ispconfig
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
    # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
    Options +FollowSymLinks
    AllowOverride None
    Require all granted
    php_value magic_quotes_gpc 0
    </Directory>
    </IfModule>

    # ErrorLog /var/log/apache2/error.log
    # CustomLog /var/log/apache2/access.log combined
    ServerSignature Off

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>

    # SSL Configuration
    #SSLEngine On
    # SSLProtocol All -SSLv3
    # SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

    #SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    #SSLHonorCipherOrder On

    <IfModule mod_headers.c>
    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
    #Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
    Header set X-Content-Type-Options: nosniff
    Header set X-Frame-Options: SAMEORIGIN
    Header set X-XSS-Protection: "1; mode=block"
    #Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure
    <IfVersion >= 2.4.7>
    Header setifempty Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    <IfVersion < 2.4.7>
    Header set Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    RequestHeader unset Proxy early
    </IfModule>

    # SSLUseStapling On
    #SSLStaplingResponderTimeout 5
    #SSLStaplingReturnResponderErrors Off
    </VirtualHost>

    <IfModule mod_ssl.c>
    SSLStaplingCache shmcb:/var/run/ocsp(128000)
    </IfModule>

    <Directory /var/www/php-cgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>

    <Directory /var/www/php-fcgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>
     
  15. mrbcast

    mrbcast New Member

    I am also having this same trouble.
     
  16. Apryaldy

    Apryaldy Banned

    Just information that this is still happened in recent update.
    Here is my vhost
    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################

    Listen 2080
    NameVirtualHost *:2080

    <VirtualHost _default_:2080>
    ServerAdmin webmaster@localhost

    <Directory /var/www/ispconfig/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>
    <Directory /usr/local/ispconfig/interface/web/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>

    <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
    Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
    AllowOverride AuthConfig Indexes Limit Options FileInfo
    <FilesMatch "\.php$">
    SetHandler fcgid-script
    </FilesMatch>
    FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
    Require all granted
    </Directory>
    IPCCommTimeout 7200
    MaxRequestLen 15728640
    </IfModule>

    <IfModule mpm_itk_module>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AssignUserId ispconfig ispconfig
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
    # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
    Options +FollowSymLinks
    AllowOverride None
    Require all granted
    php_value magic_quotes_gpc 0
    </Directory>
    </IfModule>

    # ErrorLog /var/log/apache2/error.log
    # CustomLog /var/log/apache2/access.log combined
    ServerSignature Off

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>

    # SSL Configuration
    #SSLEngine On
    # SSLProtocol All -SSLv3
    # SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

    #SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    #SSLHonorCipherOrder On

    <IfModule mod_headers.c>
    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
    #Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
    Header set X-Content-Type-Options: nosniff
    Header set X-Frame-Options: SAMEORIGIN
    Header set X-XSS-Protection: "1; mode=block"
    #Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure
    <IfVersion >= 2.4.7>
    Header setifempty Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    <IfVersion < 2.4.7>
    Header set Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    RequestHeader unset Proxy early
    </IfModule>

    # SSLUseStapling On
    #SSLStaplingResponderTimeout 5
    #SSLStaplingReturnResponderErrors Off
    </VirtualHost>

    <IfModule mod_ssl.c>
    SSLStaplingCache shmcb:/var/run/ocsp(128000)
    </IfModule>

    <Directory /var/www/php-cgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>

    <Directory /var/www/php-fcgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>

    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################

    Listen 2080
    NameVirtualHost *:2080

    <VirtualHost _default_:2080>
    ServerAdmin webmaster@localhost

    <Directory /var/www/ispconfig/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>
    <Directory /usr/local/ispconfig/interface/web/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>

    <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
    Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
    AllowOverride AuthConfig Indexes Limit Options FileInfo
    <FilesMatch "\.php$">
    SetHandler fcgid-script
    </FilesMatch>
    FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
    Require all granted
    </Directory>
    IPCCommTimeout 7200
    MaxRequestLen 15728640
    </IfModule>

    <IfModule mpm_itk_module>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AssignUserId ispconfig ispconfig
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
    # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
    Options +FollowSymLinks
    AllowOverride None
    Require all granted
    php_value magic_quotes_gpc 0
    </Directory>
    </IfModule>

    # ErrorLog /var/log/apache2/error.log
    # CustomLog /var/log/apache2/access.log combined
    ServerSignature Off

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>

    # SSL Configuration
    SSLEngine On
    SSLProtocol All -SSLv3
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    SSLHonorCipherOrder On

    <IfModule mod_headers.c>
    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
    Header set X-Content-Type-Options: nosniff
    Header set X-Frame-Options: SAMEORIGIN
    Header set X-XSS-Protection: "1; mode=block"
    Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
    <IfVersion >= 2.4.7>
    Header setifempty Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    <IfVersion < 2.4.7>
    Header set Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    RequestHeader unset Proxy early
    </IfModule>

    SSLUseStapling On
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors Off
    </VirtualHost>

    <IfModule mod_ssl.c>
    SSLStaplingCache shmcb:/var/run/ocsp(128000)
    </IfModule>

    <Directory /var/www/php-cgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>

    <Directory /var/www/php-fcgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>

    i don't know, but do i need to fresh install the ISPConfig3 all over again?
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    No, just says yes when the updater asks to recreate SSL certs if you did not had SSL enabled during install. ISPConfig requires SSL now on its interface. So the new ispconfig vhost file you posted is fine, it has SSL enabled as it should be. in case you missed to create SSL certs, then you can let the ISPConfig updater do that during update.
     
    Apryaldy likes this.
  18. Apryaldy

    Apryaldy Banned

    I see, i will try that.
    Thank you!
     
  19. Steffan

    Steffan Member

    today this also happend to me. no images in softaculous
    i removed the line

    Code:
    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
    
    in
    Code:
    /etc/httpd/conf/sites-enabled/000-ispconfig.vhost
    Will this stick in updates?
     
  20. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Rather than removing that header, you should modify it - if the problem is not loading an image, it is the img-src you need to modify (eg. to allow from 'self' as well as softaculous' server?).

    No, you would have to use a conf-custom file for your changes to survive updates.

    Alternately, if you're running apache you can change that header in a .htaccess file. Eg. if softaculous runs from a specific directory, add/change the .htaccess file there to replace the default Content-Security-Policy with the one you modified. If Softaculous ships with a .htaccess file already (which is a common practice), you might even bring that up with them and see if they'd fix it upstream.
     

Share This Page